Virgo Pärna skrev den 2015-02-05 09:46:
Recently I have received some viruses that have scr inside zip
arhcive inside zip archive. And also there have been some cab's
containing exe
files.
google foxhole clamav
Since I have already blocked exe and scr files in exim mime check I
did try
to search Google for blocking those files inside archives. And since I
did not
have mutch success with it, I decided to post sample rules here.
this is a foxhole rule snippet :=)
my question will be what happen in clamav if scr is double packed with
zip ?
so the first unzip will be another zip file, that contains the scr file,
hopefully foxhole rules do test it or clamav unpack all
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
